Vulnerability Summary for the Week of January 19, 2026

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info	Patch Info
Agatasoft–AgataSoft PingMaster Pro	AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to trigger an application crash and potential system instability.	2026-01-23	7.5	CVE-2021-47893	ExploitDB-49567 Vendor Homepage VulnCheck Advisory: AgataSoft PingMaster Pro 2.1 – Denial of Service
Aida Computer Information Technology Inc.–Hotel Guest Hotspot	Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection. This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	2026-01-22	8	CVE-2025-4764	https://www.usom.gov.tr/bildirim/tr-26-0001
Altium–AES	AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of January 19, 2026 Share this: Facebook X LinkedIn Like this: Like Loading... Related Tags: Bulletins EN Post navigation ← Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic NDSS 2025 – all your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts CISA Adds Five Known Exploited Vulnerabilities to Catalog January 26, 2026 Here’s the tech powering ICE’s deportation crackdown January 26, 2026 Best VPN Services of 2026: Fast, Secure & Affordable January 26, 2026 NDSS 2025 – all your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks January 26, 2026 Vulnerability Summary for the Week of January 19, 2026 January 26, 2026 Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic January 26, 2026 IAM Identity Center now supports IPv6 January 26, 2026 IT Security News Hourly Summary 2026-01-26 21h : 8 posts January 26, 2026 CVE-2026-23864: React and Next.js Denial of Service via Memory Exhaustion January 26, 2026 Prompt Injection Is the New SQL Injection: How Hackers Are Breaking into AI Systems January 26, 2026 Randall Munroe’s XKCD ‘High Altitude Cooking Instructions’ January 26, 2026 Emergency Microsoft update fixes in-the-wild Office zero-day January 26, 2026 Hundreds of Exposed Clawdbot Gateways Leave API Keys and Private Chats Vulnerable January 26, 2026 Raspberry Pi Project Turns Wi-Fi Signals Into Visual Light Displays January 26, 2026 Google’s Universal Commerce Protocol: Why the Future of Agentic Commerce Depends on Security January 26, 2026 eScan Antivirus Supply Chain Breach Delivers Signed Malware January 26, 2026 Fake Microsoft Teams Billing Phishing Alerts Reach 6,135 Users via 12,866 Emails January 26, 2026 Security strategies for safeguarding governmental data January 26, 2026 Updated PCI PIN compliance package for AWS CloudHSM now available January 26, 2026 Secure, Reliable Terraform At Scale With Sonatype Nexus Repository January 26, 2026 Copyright © 2026 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}

Primary
Vendor — Product

Description

Published

CVSS Score

Source Info

Patch Info

Agatasoft–AgataSoft PingMaster Pro

AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to trigger an application crash and potential system instability.

2026-01-23

7.5

CVE-2021-47893

ExploitDB-49567
Vendor Homepage
VulnCheck Advisory: AgataSoft PingMaster Pro 2.1 – Denial of Service

Aida Computer Information Technology Inc.–Hotel Guest Hotspot

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection. This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

2026-01-22

CVE-2025-4764

https://www.usom.gov.tr/bildirim/tr-26-0001

Altium–AES

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Bulletins

Read the original article:

Vulnerability Summary for the Week of January 19, 2026

← Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic

NDSS 2025 – all your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks →

High Vulnerabilities

Read the original article:

Share this:

Like this:

Related

Post navigation